Search Engine Finds Vulnerable SCADA Systems

UPDATED: ICS-CERT, the emergency response team for industrial control systems, has warned companies that run SCADA (Supervisory Control and Data Acquisition) software that the systems running it may be easily discovered using a free Web-based search engine dubbed Shodan.

The warning came in the form of an ICS-CERT Alert, published on October 28. The group, which is part of US-CERT, warns that “multiple independent security researchers” have reported using SHODAN to discover Internet-facing SCADA systems in “several critical infrastructure sectors.”

The systems discovered range from those used for remote access and monitoring to those with the ability to directly manage the configuration of SCADA systems. Vulnerable devices range from a stand-alone workstation to “larger wide area network configurations connecting remote facilities to central monitoring systems.”

Shodan is a Web-based search engine that discovers Internet-facing computers, including desktops, servers and routers. The engine, created by programmer John Matherly, allows users to filter searches for systems running a specific type of application (say, Apache Web servers or FTP) and filter results by geographic region. The search engine indexes host ‘banners,’ the metadata sent between a server and client, which includes information such as the type of software run, what services are available and so on.

The Shodan engine isn’t discovering SCADA systems that were previously inaccessible from the public Internet. Rather, it greatly lowers the technical bar needed to canvass the Internet for such systems, ICS-CERT said.

ICS-CERT is coordinating with the affected software vendors and Information Sharing and Analysis Centers (ISACs) for affected verticals to resolve the specific security issues reported to the center. However, the steep increase in reporting about publicly accessible SCADA systems prompted ICS-CERT to issue a general warning to all critical infrastructure operators.

Some of the systems discovered still use insecure passwords that are easy targets for brute force attacks. Other systems reported to the CERT were found to still use default passwords that can be retrieved from product documentation or online default password repositories, the Alert warned.

“The simple answer is that anything of critical importance should never be connected to the Internet. Ever.” said Shodan creator Matherly in an e-mail to Threatpost. “As the recent Siemens incident shows, many of these systems have glaring security problems or don’t have proper security teams in place.”

Control system operators were advised to conduct an audit of their existing systems, including those not directly connected to the Internet, to make sure that no weak or default passwords are being used. In addition, operators are advised to place any control systems behind firewalls and to isolate them from business networks. Virtual Private Networks (VPNs) should be used for remote access to such systems, and strong passwords and access management strategies should be employed, the Alert says.
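The audit the Alert recommends can be scripted against an asset inventory. The following is an added example, not part of the ICS-CERT Alert or the original article; the inventory records, network ranges, default-credential pairs and minimum password length are all constructed assumptions.

```python
import ipaddress

# All values below are constructed for illustration (hypothetical site).
CONTROL_NETWORKS = [ipaddress.ip_network("10.50.0.0/24")]   # firewalled control zone
BUSINESS_NETWORKS = [ipaddress.ip_network("10.10.0.0/16")]  # corporate LAN
DEFAULT_CREDENTIALS = {("admin", "admin"), ("operator", "operator")}
MIN_PASSWORD_LENGTH = 12  # assumed local policy, not a value from the Alert

INVENTORY = [
    # 203.0.113.0/24 is a documentation range standing in for a public address.
    {"name": "hmi-01", "address": "203.0.113.20", "user": "admin",
     "password": "admin", "remote_access": "direct"},
    {"name": "plc-gw-02", "address": "10.10.4.7", "user": "engineer",
     "password": "pump7", "remote_access": "vpn"},
    {"name": "historian-03", "address": "10.50.0.12", "user": "svc_hist",
     "password": "c0rrect-Horse-battery-9", "remote_access": "vpn"},
]

def audit_device(device):
    """Return the list of findings for one inventory record."""
    findings = []
    addr = ipaddress.ip_address(device["address"])
    if any(addr in net for net in BUSINESS_NETWORKS):
        findings.append("not isolated from business network")
    elif not any(addr in net for net in CONTROL_NETWORKS):
        findings.append("addressed outside the firewalled control zone")
    user, password = device["user"], device["password"]
    if (user, password) in DEFAULT_CREDENTIALS:
        findings.append("default password")
    elif len(password) < MIN_PASSWORD_LENGTH or password.lower() == user.lower():
        findings.append("weak password")
    if device["remote_access"] not in ("vpn", "none"):
        findings.append("remote access not through VPN")
    return findings

def audit(inventory):
    """Map each device name to its findings; clean devices are omitted."""
    report = {}
    for device in inventory:
        findings = audit_device(device)
        if findings:
            report[device["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

The address check uses an allowlist of control-zone ranges rather than a public/private test, so a device that has drifted onto any unexpected network is flagged, including systems that are not directly connected to the Internet.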

Discussion

Isn't the bottom line issue here the miserable engineering of these systems' lack of a firewall? Setting appliances directly facing the web with no firewall. IPCop could protect a SCADA box. Albeit NetBSD might be better. If the SCADA system operators are too lazy to put up the most basic security they have only to blame themselves. It's certainly not a reason for Obama to "shut down the web" or any of that ratcheting up cybercrime nonsense. It is reason for someone to cut off the web access with a pair of wire cutters and then manually babysit whatever it is. These people keep crying wolf, and when the REAL problems happen they're clueless, and nobody believes them.

Restricted Access Global Environment That is Only Accessible through Biometrics

Annapolis, MD July 1, 2011 – SAFE Age Corporation announces the introduction of the RAGE; providing the new age of secure Internet use and access. The RAGE is a patented Restricted Access Global Environment that is unlike the Internet environment we use today. It can only be accessed by a biometrically verified user with a biometric sign-on device. Users are biometrically verified through high levels of encryption and can then gain access to any account or online venue that would usually require a user name, password, PIN, or token. This state-of-the-art technological advancement is unique in that it is impenetrable; eliminating any unauthorized use, fraud or data theft. There is now no need for user names, passwords, PINs, or sign-on tokens.

Data security is crucial for all levels of business, government, and national defense. Today’s systems contain sensitive data that is virtually useless if it is not properly protected. Hackers, thieves, and intruders are rampant and constantly threatening the security of these systems we rely on. Identity theft ruins lives on a daily basis and cyber security is now a major necessity for all. SAFE Age is proud to offer the solutions to these vexing problems.

The new RAGE provides secure access to an infinite number of applications that require a protected sign-on to a secure environment. Users can safely conduct any form of commerce, data capture, or secure intelligence with the RAGE. There is a significant difference from the internet that we currently use, in that the RAGE is a self contained, independent, global network that requires biometric access for user verification. The biometric devices can be issued to anyone. Individuals or businesses can use these devices eliminating the need of issuing user names and passwords for accounts. This eliminates access to accounts after business hours or after employee/contract termination. Also, an authorized account owner can give a remote user access to an account, or data vault, through deployment of biometric sign-on devices anywhere in the world. Our patented encrypted biometric devices can be activated and/or de-activated at any time globally.

To learn more about The RAGE and how it can assist you in keeping your data safe and secure, please contact Safe Age at: brian@safeage.net or 443-223-3888.
